Merge pull request #7127 from terraform-providers/b-aws_acm_certifica…

…te-import-ip-address-cert resource/aws_acm_certificate: Prevent crash with empty SubjectAlternativeNames
hashicorp · Jan 14, 2019 · 644235b · 644235b
2 parents 2fb7c1f + 8b70645
commit 644235b
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 4 deletions.
diff --git a/aws/resource_aws_acm_certificate.go b/aws/resource_aws_acm_certificate.go
@@ -277,10 +277,10 @@ func resourceAwsAcmCertificateUpdate(d *schema.ResourceData, meta interface{}) e
 
 func cleanUpSubjectAlternativeNames(cert *acm.CertificateDetail) []string {
 	sans := cert.SubjectAlternativeNames
-	vs := make([]string, 0, len(sans)-1)
+	vs := make([]string, 0)
 	for _, v := range sans {
-		if *v != *cert.DomainName {
-			vs = append(vs, *v)
+		if aws.StringValue(v) != aws.StringValue(cert.DomainName) {
+			vs = append(vs, aws.StringValue(v))
 		}
 	}
 	return vs

diff --git a/aws/resource_aws_acm_certificate_test.go b/aws/resource_aws_acm_certificate_test.go
@@ -459,7 +459,7 @@ func TestAccAWSAcmCertificate_tags(t *testing.T) {
 	})
 }
 
-func TestAccAWSAcmCertificate_imported(t *testing.T) {
+func TestAccAWSAcmCertificate_imported_DomainName(t *testing.T) {
 	resourceName := "aws_acm_certificate.cert"
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -492,6 +492,33 @@ func TestAccAWSAcmCertificate_imported(t *testing.T) {
 	})
 }
 
+// Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/7103
+func TestAccAWSAcmCertificate_imported_IpAddress(t *testing.T) {
+	resourceName := "aws_acm_certificate.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProvidersWithTLS,
+		CheckDestroy: testAccCheckAcmCertificateDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAcmCertificateConfigPrivateKey("1.2.3.4"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "domain_name", ""),
+					resource.TestCheckResourceAttr(resourceName, "subject_alternative_names.#", "0"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				// These are not returned by the API
+				ImportStateVerifyIgnore: []string{"private_key", "certificate_body"},
+			},
+		},
+	})
+}
+
 func testAccAcmCertificateConfig(domainName, validationMethod string) string {
 	return fmt.Sprintf(`
 resource "aws_acm_certificate" "cert" {
@@ -570,6 +597,36 @@ resource "aws_acm_certificate" "cert" {
 `, certName)
 }
 
+func testAccAcmCertificateConfigPrivateKey(commonName string) string {
+	return fmt.Sprintf(`
+resource "tls_private_key" "test" {
+  algorithm = "RSA"
+}
+
+resource "tls_self_signed_cert" "test" {
+  allowed_uses = [
+    "key_encipherment",
+    "digital_signature",
+    "server_auth",
+  ]
+
+  key_algorithm         = "RSA"
+  private_key_pem       = "${tls_private_key.test.private_key_pem}"
+  validity_period_hours = 12
+
+  subject {
+    common_name  = %q
+    organization = "ACME Examples, Inc"
+  }
+}
+
+resource "aws_acm_certificate" "test" {
+  certificate_body = "${tls_self_signed_cert.test.cert_pem}"
+  private_key      = "${tls_private_key.test.private_key_pem}"
+}
+`, commonName)
+}
+
 func testAccCheckAcmCertificateDestroy(s *terraform.State) error {
 	acmconn := testAccProvider.Meta().(*AWSClient).acmconn